Russia Steps Up Cyber-Espionage Against Ukraine Allies

Russian state-backed hackers have conducted network penetration and espionage activities against 128 organizations in 42 countries allied to Ukraine since the start of the war, according to Microsoft.

Aside from the US, which is Russia’s number one target, campaigns have also focused on Poland, which is where much military and humanitarian assistance is being coordinated, according to the tech giant’s president, Brad Smith.

The Baltic countries as well as Denmark, Norway, Finland, Sweden, and Turkey have also been targets, with governments and foreign ministries in particular singled out, he claimed.

“Russian targeting has prioritized governments, especially among NATO members. But the list of targets has also included think tanks, humanitarian organizations, IT companies, and energy and other critical infrastructure suppliers,” Smith continued.

“Since the start of the war, the Russian targeting we’ve identified has been successful 29% of the time. A quarter of these successful intrusions has led to confirmed exfiltration of an organization’s data, although as explained in the report, this likely understates the degree of Russian success.”

Microsoft warned of “significant collective defensive weaknesses” in many European governments, citing the SolarWinds attack as an example of the capability Russia has in the cyber-sphere.

Alongside these data-gathering operations, Russia is waging an information war to sway public opinion in support of the war, both inside Russia and abroad, to sow division within Western countries, and to undermine Ukrainian resistance.

The third pillar of Russia’s cyber strategy is targeting Ukrainian assets directly, although care has been taken to ensure the malware is not wormable, and therefore not at risk of “escaping” to third countries, as NotPetya did in 2017.

“Microsoft has seen the Russian military launch multiple waves of destructive cyber-attacks against 48 distinct Ukrainian agencies and enterprises,” Smith said. “These have sought to penetrate network domains by initially compromising hundreds of computers and then spreading malware designed to destroy the software and data on thousands of others.”
